Lock or unlock indicator on a data storage device

ABSTRACT

A data storage device 100 comprising: a non-volatile storage medium 108 configured to store user data 109; a data port 106 configured to transmit data and power between a host computer system 130 and the data storage device 100; a data access state indicator 140; and a controller 110 configured to: selectively set a data access state of the data storage device 100 to either: an unlocked state to enable access to the user data 109; or a locked state to disable access to the user data 109; and generate an indicator control signal to cause the data access state indicator 140 to indicate the data access state, wherein the data access state indicator 140 is configured to indicate the data access state irrespective of whether the data storage device 100 is powered through the data port 106.

TECHNICAL FIELD

This disclosure relates to a data storage device that can be selectivelylocked and unlocked, and that provides an indication of such to a userof the data storage device.

BACKGROUND

Data storage devices (DSDs) are electronic devices with the capabilityto store information in the form of digital data. DSDs are typicallydeployed as an integrated part of, or as a removable componentconfigured to interface with, a computing system for the purpose ofimproving the data transmission and storage capabilities of the system.From the perspective of the computing system, a DSD is typicallyimplemented as a block storage device where the data stored is in theform of one or more blocks, being sequences of bytes or bits having amaximum length, referred to as block size.

External DSDs are commonly used to supplement the data storagecapabilities of a computer system. For example, external DSDs are oftenstandalone physical devices which house an internal storage component,such as a hard disk drive (HDD) or a solid state drive (SSD), thatprovides a host computing system with an additional portion ofnon-volatile memory (i.e., the volume of the drive) in which to storedigital data. These external drive type devices are connectable to thehost computer system via a data path operating over a particularconnectivity protocol (e.g., via Universal Serial Bus (USB) cable). Inresponse to being connected to the host computer system, the hostcomputer system recognizes the external drive as a block data storagedevice such that a user of the device may access the storage of thedrive via the data path (e.g., through operation of the host computer).Access to the drive typically enables a user to access (e.g., read,write and/or modify) user data stored on the drive.

Some storage devices provide status or state information to users aboutthe functionality of the data storage device, such as by sendinginformation to a host computer device for display on a screen, or byusing light emitting diodes (LEDs). The user data of a data storagedevice may be secured against access by unauthorized parties.

SUMMARY

Disclosed herein is a data storage device comprising: a non-volatilestorage medium configured to store user data; a data port configured totransmit data and power between a host computer system and the datastorage device; a data access state indicator; and a controllerconfigured to: selectively set a data access state of the data storagedevice to either: an unlocked state to enable access to the user data;or a locked state to disable access to the user data; and generate anindicator control signal to cause the data access state indicator toindicate the data access state, wherein the data access state indicatoris configured to indicate the data access state irrespective of whetherthe data storage device is powered through the data port.

In some embodiments, the data access state indicator includes one ormore persistent display components configured to display a visualrepresentation of the data access state, and to retain the visualrepresentation in the absence of power.

In some embodiments, the data access state indicator includes a colorchanging surface having an electrochromic material configured to changecolor in response to a voltage applied to the material to indicate thedata access state of the data storage device.

In some embodiments, the locked state, no voltage is applied to thematerial and wherein the corresponding color of the color changingsurface indicates a locked state.

In some embodiments, the generation of the indicator control signal bythe controller comprises: determining the data access state of the datastorage device; determining an access color corresponding to the dataaccess state based on a mapping of, at least, the unlocked state to afirst color and the locked state to a second color; determining avoltage to apply to the electrochromic material to change the color ofthe color changing surface to the access color, wherein the colorchanging surface retains the access color after cessation of theapplication of the voltage.

In some embodiments, the data storage device further comprises: anindicator control circuit, and the data storage device is furtherconfigured to: transmit the generated indicator control signal to theindicator control circuit to cause the indicator control circuit to:apply the determined voltage to the electrochromic material to changethe color changing surface to the access color; and cease application ofthe voltage to the electrochromic material after change of the color ofthe color changing surface to the access color.

In some embodiments, the data access state indicator is a bi-stabledisplay panel configured to display an electronic label on a substratein response to a voltage applied to one or more regions of thesubstrate, where the label indicates the data access state of the datastorage device.

In some embodiments, the generation of the indicator control signal bythe controller comprises: determining the data access state of the datastorage device; determining an access label corresponding to the dataaccess state based on a mapping of, at least, the unlocked state to afirst label and the locked state to a second label; determining a set ofvoltages to apply to corresponding regions of the substrate of thedisplay panel to change the label of the bistable display panel to theaccess label, wherein the bi-stable display retains the access labelafter the panel is unpowered.

In some embodiments, the data storage device further comprises: anindicator control circuit, wherein the controller is further configuredto: transmit the generated indicator control signal to the indicatorcontrol circuit to cause the indicator control circuit to: apply thedetermined set of voltages to the regions of the substrate of thedisplay panel to change the label of the display panel to the accesslabel; and cease application of the set of voltages after change of theelectronic label on the display panel.

In some embodiments, the data access state indicator is a display panelincluding: an underlying layer having a specified static labelindicating the data access state of the data storage device; and adisplay surface layer covering the underlying layer, wherein the displaysurface layer has an optical transparency that varies in response to anapplied voltage.

In some embodiments, the generation of the indicator control signal bythe controller comprises: determining the data access state of the datastorage device; determining, based on the determined data access state,a voltage to apply to the display surface layer to change thetransparency of the display surface layer to reveal or hide the staticlabel of the underlying layer, wherein the static label of theunderlying layer remains revealed or hidden after the panel isunpowered.

In some embodiments, the persistent display of the data storage deviceis configured to obtain power from at least one of: the host computersystem via the data port; and an independent power source associatedwith the data storage device.

In some embodiments, the power supplied to the persistent display isobtained preferentially from the host computer via the data port overthe independent power source.

In some embodiments, the independent power source is an ambient powersource configured to generate power from an environment around the datastorage device.

In some embodiments, the ambient power source comprises: at least oneof: one or more solar cells coupled to the data storage device andconfigured to generate a charge in response to incident solar radiation;and one or more radio-frequency (RF) harvesting components configured togenerate a charge in response to contact of the RF components withelectromagnetic radiation; and a battery electrically connected to theat least one of the one or more solar cells and the one or more RFharvesting components to store generated charge.

In some embodiments, in response to disconnection of power from the hostcomputer, the data storage device is further configured to:automatically change the data access state from the unlocked state tothe locked state; and persistently indicate the locked state withoutpower from the host computer.

In some embodiments, the controller is further configured to generate aphysical enable signal to: in response to selectively setting the dataaccess state to the unlocked state, enable transmission of user databetween the host computer system and the storage medium via the dataport; and in response to selectively setting the data access state tothe locked state, disable transmission of user data between the hostcomputer system and the storage medium via the data port.

In some embodiments, the data storage device further comprises acryptography engine connected between the data port and the storagemedium, and wherein the controller is further configured to: in responseto selectively setting the data access state to the unlocked state,instruct the cryptography engine to use a decryption key to perform adecryption function to selectively decrypt encrypted user data stored onthe storage medium.

Disclosed herein is a method for indicating a data access state of adata storage device, the method executed by a controller of the deviceand comprising: selectively setting a data access state of the datastorage device as: an unlocked state to enable access to user datastored on a non-volatile storage medium of the data storage device; or alocked state to disable access to the user data; and generating anindicator control signal to cause a data state indicator of the datastorage device to indicate the data access state, and wherein the datastate indicator is configured to indicate the data access stateirrespective of whether the data storage device is powered through adata port configured to transmit data and power between a host computersystem and the data storage device.

Disclosed herein is a data storage device comprising: means for storinguser data; means for transmitting data and power between a host computersystem and the data storage device; means for indicating a data state;means for selectively setting a data access state of the data storagedevice as: an unlocked state to enable access to user data stored on anon-volatile storage medium of the data storage device; or a lockedstate to disable access to the user data; and means for generating anindicator control signal to cause a data state indicator of the datastorage device to indicate the data access state, and wherein the datastate indicator is configured to indicate the data access stateirrespective of whether the data storage device is powered through adata port configured to transmit data and power between a host computersystem and the data storage device.

BRIEF DESCRIPTION OF DRAWINGS

Some embodiments are described herein below with reference to theaccompanying drawings, wherein:

FIG. 1 a illustrates an example data storage device (DSD) in accordancewith some embodiments;

FIG. 1 b illustrates a block diagram of an access controller of theexample DSD in accordance with some embodiments;

FIG. 2 a illustrates a perspective view of the DSD having an enclosureincluding a color changing surface, in accordance with some embodiments;

FIGS. 2 b and 2 c illustrate a cross section of a surface of theenclosure of the DSD including the color changing surface, in accordancewith some embodiments;

FIG. 3 a illustrates a perspective view of the DSD having an enclosureincluding a bi-stable display panel, in accordance with someembodiments;

FIG. 3 b illustrates a schematic diagram of regions of the bi-stabledisplay panel, in accordance with some embodiments;

FIG. 3 c illustrates a cross section of a surface of the enclosure ofthe DSD including a display surface and an underlying surface, inaccordance with some embodiments;

FIG. 4 illustrates a flow diagram of a process for indicating a dataaccess state of the DSD, in accordance with some embodiments;

FIG. 5 illustrates a flow diagram of the generation of an indicatorcontrol signal for a color changing surface, in accordance with someembodiments;

FIG. 6 illustrates a flow diagram of the generation of an indicatorcontrol signal for a bi-stable display panel, in accordance with someembodiments;

FIG. 7 a illustrates a block diagram of a first implementation of anambient power source of the DSD in accordance with some embodiments; and

FIG. 7 b illustrates a block diagram of a second implementation of anambient power source of the DSD in accordance with some embodiments.

DESCRIPTION OF EMBODIMENTS

One way in which user data of a data storage device (DSD) may be securedis by disabling any exchange of data between the internal storage mediumof the DSD and an external device connected to the DSD (e.g., a hostcomputer system). That is, the connected device is physically unable toextract user data stored on the internal drive of the DSD, or to writedata to the drive. Alternatively, or in addition, securing the user datamay involve obscuring the data as it is stored on, or retrieved from,the DSD (e.g., using an encryption function). in both of theaforementioned approaches the DSD implements a “locking” operation thatsecures user data by preventing (or “disabling”) access to the data,either physically or logically. The DSD provides (or “enables”) accessto the stored user data via a corresponding “unlocking” operation whichenables data transmission through the data path, and/or performsdecryption of the user data if required, such that the user may access(e.g., read, write and/or modify) user data stored on the drive.

For a DSD with locking and unlocking functions, it is desired to providea user of the device with information about whether the user data ispresently accessible or whether it is secured. Data storage devices aretypically configured to be removably connected (e.g., through USB) tohost systems, and to be capable of seamless disconnection from the host.Consequently, many such devices lack a display and an independent powersource, such as a battery or a power supply associated with the DSD. Oneoption for providing a user with data access information is to send theinformation to a host computer system, or other external device,connected to the DSD such that the connected device can then display arepresentation of the data access state (DA State) of the device (i.e.,“locked” or “unlocked”) to the user.

However, once disconnected the external device may no longer receivedata access state information for the DSD. As many DSDs are designed tobe portable devices used to offer an ad-hoc storage solution, relianceon a constant connection with a host computer, or other device, toprovide a user with data access state information is impractical.Another approach is to use LEDs to indicate the DA state of the device,such as by incorporating the LEDs into a housing, or other outwardlyexposed portion, of the DSD that is visible to the user. However, LEDindicators require power to operate.

Without an independent power source. LEDs are typically powered by theconnected external device (e.g., the host computer). As a result, thedisconnection of the external device from the DSD prevents a single LEDfrom accurately indicating a locked or unlocked state of the device(i.e., since the user cannot determine whether an unlit LED is correctlyindicating an access state, such as unlocked, or whether it is unlitbecause it is unpowered). The use of multiple LEDs does not solve thisproblem, since the user cannot determine the DA state in the case thatthe DSD is unpowered (as all LEDs will be unlit). It is thereforedesired to provide a data storage device that ameliorates one or more ofthese difficulties, or other difficulties, of the prior art or that atleast provides a useful alternative.

With reference to FIG. 1 a , there is disclosed an exemplary datastorage device (DSD) 100 that selectively controls access of a user 101of the device 100 to user content data 109 stored thereon, and providesthe user 101 with corresponding data access state information via a dataaccess state indicator (“DA state indicator”) 140 of the device 100.Specifically, the DSD 100 described herein issues control signals tocause the data access state indicator 140 to indicate the data accessstate irrespective of whether the data storage device 100 is poweredthrough a data port 106. The data port 106 is configured to transmitdata and power between a host computer system 130 and the data storagedevice 100.

For example, the DSD 100 may communicate with and obtain power from ahost computer 130 through a USB port 106 that provides power, as well asenabling the transfer of data between device 100 and host 130. In thiscase, the host computer 130 acts as an external power source supplyingpower to the DSD 100 via data port 106. The disclosed data storagedevice 100 is advantageous in that use of the host computer 130 as apower source can be maintained, while also providing data accessinformation to users even when no power is available from the hostcomputer (e.g., following its disconnection from the device 100).

The DA state indicator 140 is a visual indicator in the describedembodiments, configured to visually represent the DA state to the user101. In some examples, the DA state indicator 140 includes one or moredisplay components integrated, at least partially, into a housing 116 orenclosure of the DSD. Unlike conventional approaches to visuallyindicating the DA state of a storage device, examples of the displaycomponents described herein are persistent components configured todisplay a particular visual representation of the data access state, andto retain the visual representation in the absence of an external powersource. This provides an advantage over the use of conventionalindicator components which rely on a supply of power to maintain thevisual representation (e.g., LEDs and LCD displays).

In some examples, the DSD 100 includes an ambient power source 118configured to generate power from an environment around the data storagedevice 100. The DA state indicator 140 is electrically connected to boththe data path 104 and the ambient power source 118 for the purpose ofreceiving power. That is, the ambient power source 118 is capable ofpowering the DA state indicator 140 in the case that no power isavailable from the data path 104 (i.e., via the data port 106) or fromany other independent source.

The use of ambient power sources as described herein may provideadvantages over powering a DSD using conventional independent powersources, such as an internal battery, including: i) the ability toimplement components of the ambient power source with a reduced sizecompared to conventional internal batteries (since the storagecomponents, if any, of the ambient source will not need to store as muchcharge); ii) the resulting self-sufficiency of the data. storage device,in that the ambient sources generate power passively from theenvironment, and therefore the DSD does not require power from anexternal source (e.g., an AC mains connection, or the host 130); iii)enabling the data storage device to transition between the unlocked andlocked states (i.e., to secure and unsecure the stored user data)without the receiving power through the data port 106; and iv) enablinga persistent data access state indicator 140 to indicate a transitionbetween data access states that occurs without the DSD 100 receivingpower through the data port 106 (i.e., in the case where the data accessstate changes without the host 130 being connected via port 106).

Therefore, the data storage devices described herein provide an improvedsolution for selectively securing stored data against unauthorizedaccess, and indicating a corresponding data access state of the deviceto a user, without requiring the data storage device to be powered by aconnected host computer device.

Lockable Data Storage Device

FIG. 1 a shows an embodiment of the DSD 100 comprising a data path 104and an access controller 110. The data path 104 comprises a data port106 configured to transmit data between a host computer system 130 andthe DSD 100. The DSD 100 is configured to register with the hostcomputer system 130 such as to provide functionality to the hostcomputer system 130 of a block data storage device. DSD 100 furthercomprises storage medium 108 to store user content data 109. The usercontent data 109 includes one or more blocks of data organized intofiles, for example including images, documents, videos, etc., accordingto a particular file system operable by the host computer 130.

The storage medium 108 is non-transitory such as to retain the storedblock data irrespective of whether the medium 108 is powered. The medium108 may be a hard disk drive (HDD) with a rotating magnetic disk or asolid state drive (SSD) and its variations like SLC (Single Level Cell),eMLC (Enterprise Multi Level Cell), MLC (Multi Level Cell), TLC (TripleLevel Cell), and QLC (Quadruple Level Cell), and combinations of theabove such as SSHD. Any other type of non-volatile storage media mayalso be used, including emerging non-volatile memory such as Program inPlace or Storage Class Memory (SCM), such as ReRam., PCM, and MRAM.Further, the storage medium 108 may be a block data storage device, suchthat the user content data 109 is written in blocks to the storagemedium 108 and read in blocks from the storage medium 108.

The host computer 130 is configured to include a device driver and adata/power interface for communicating with the DSD 100 and providing itwith power. The data and power interface operates over data port 106,which may be implemented as, for example, some form of USB port (e.g.,USB-A, USB-8, USB-C, mini USB, micro-USB, etc.), a Thunderbolt port, aPower over Ethernet (PoE) port, or a similar port.

The DSD 100 includes a cryptography engine 107 configured to receive,interpret and execute commands received from host computer system 104according to a predetermined command set, such as for example thestandard Advanced Technology Attachment (ATA) or serial ATA (SATA)and/or ATA Packet Interface (ATAPI) command set, which is available fromTechnical Committee T13 noting that identical functionalities can beimplemented within Trusted Computing Group (TCG) Opal, Small ComputerSystem Interface (SCSI) and other proprietary architectures.

The cryptography engine 107 is connected between the data port 106 andthe storage medium 108 and is configured to use a cryptographic key toencrypt user content data 109 to be stored on the storage medium 108,and to decrypt the encrypted user content data 109 stored on the storagemedium 108 in response to a request from the host computer system 130.That is, the access controller 110 issues commands to the data pathcomponents to cause the cryptography engine 107 to control acryptographic state of the user content data 109 (i.e., encrypted orplain). For example, the access controller 110 may provide a key to thedata port 106, which the data port 106 then forwards to the cryptographyengine 107 via a SECURITY SET PASSWORD command of the ATA SECURITYfeature set.

The access controller 110 is configured to selectively set a data accessstate (DA state) of the DSD 100 to: an unlocked state to enable accessto the user content data 109: or a locked state to disable access to theuser content data 109. The access controller 110 is configured togenerate a physical enable signal to control the data path 104 such asto enable or disable the transmission of user content data 109 betweenthe host computer system 130 and the non-volatile storage medium 108 viathe data port 106. The state of the data path 104, as either enabling ordisabling data transmission, is referred to as a physical access stateof the DSD.

In one example, the user content could be stored in a plain (i.e.,unencrypted) form, and only the generation of the physical enable signaldetermines whether the user content data is accessible to the host 130.In this case, the device 100 is in an “open” mode of operation where theuser content data is not subject to encryption and the physical accessstate therefore determines whether access to the user content data isenabled or disabled. That is, in the locked data access state theunencrypted user content, data is prevented from passing through thedata path 104 to the host computer 130. By contrast, in the unlockedstate, the unencrypted data may pass through the data path 104 to thehost computer 130 via the data port 106.

The data access state may also be derived based on a cryptographic stateof the DSD 100 when the device is operating in a “restricted” mode. Inthe restricted mode, the cryptography engine 107 uses a cryptographickey to selectively: i) decrypt the user content data 109 stored on thestorage medium 108; and ii) encrypt one or more of: the user contentdata 109 stored on the storage medium 108; and data received from thedata port 106 to be stored as user content data 109 on the storagemedium 108.

The access controller 110 provides the cryptographic key to at least onecomponent of data path 104 and therefore directs the encryption ordecryption of the user content data as part of its controlfunctionality. In one example, the cryptography engine 107 encrypts theuser content data “on the fly” as it passes through cryptography engine107 from data port 106 to storage medium 108, and decrypts the encrypteduser content data “on the fly” as it passes through the cryptographyengine 107 from storage medium 108 to data port 106.

The cryptographic state of the DSD 100 is determined by cryptographickey used by the cryptography engine 107. In a cryptographically unlockedstate, the cryptography engine 107 performs encryption and decryptionoperations with a particular pre-determined user key associated with theuser 101. For example, the user key may be set during a configurationstep conducted by the user 101. In a cryptographically locked state, theuser key is unavailable to the cryptography engine 107. As a result,data transmitted to or received from the DSD 100 will be obfuscatedcompared to the corresponding data generated by the cryptography engine107 in the unlocked cryptographic state. In some embodiments, in therestricted mode the DSD 100 may be configured to obtain the user key viaa key transfer process (e.g., involving the host 130 or other externaldevice as described below), or to derive the user key in response to theauthentication of the user 101 (e.g., by the user 101 entering an inputpasscode that matches to a known passcode associated with the DSD 100).

The cryptographic state may be independent of the physical access state.That is, the DSD 100 may enable transmission of data through the path104, independently to whether the data retrieved from, and stored into,the storage medium 108 is encrypted and decrypted by the cryptographyengine 107.

In some embodiments, the DSD 100 controls access to user content data109 by the selective setting of the physical access state by the accesscontroller 110 of the DSD 100 (i.e., the control of whether the host 130can exchange data in any form, encrypted or plain, with the device 100).That is, the data access state of the DSD 100 is “locked” or “unlocked”in accordance with the corresponding physical access state. In suchimplementations, the access controller 110 is configured to set theenable signal to selectively set the data access state of the device100, to either: an unlocked state to enable transmission of user contentdata 109 between the host computer system 130 and the storage medium 108via the data port; or a locked state to disable transmission of usercontent data 109 between the host computer system 130 and the storagemedium 108 via the data port 106.

In other embodiments, the data access state may be determined based onthe cryptographic state, or from both the physical access state and thecryptographic state. For example, the DSD 100 may be considered to be“unlocked” if user content data 109 can physically pass through the datapath 104 and if the user key is available for encryption and decryptionin the restricted mode (i.e., based on both the physical access andcryptographic access states).

In the examples discussed, the data storage device 100 includes one ormore input components 102 configured to accept an input from the user101. For example, the input components 102 may include a: set of buttons103; and a keypad 105, or a similar arrangement of mechanical componentsthat collectively enable the selection of digits or characters forentering into the device 100. The input components 102 may also includeone or more communications devices, such as a wireless modem, configuredto receive and transmit data wirelessly via the transmission of anelectronic message in a predetermined form.

The user 101 operates the input components 102 to change the data accessstate of the device 100. For example, the user 101 may actuaterespective “Lock” and “Unlock” buttons of set 103 to request that accessto the user data 109 be disabled or enabled respectively. In someexamples, a cryptographic key can be transferred to the device 100 bythe host 130, or by a separate external device such as a phone. Thetransfer may occur via networked communication with a remote server, viadirect transfer based on a local connection between the devices (e.g.,in the case that the separate device is plugged into the DSD). Thecryptographic key may be provided via direct input into a user interfaceon the DSD 100 (e.g., via input components 102).

In some examples, the access controller 110 controls access to the usercontent data 109 based on an authentication process. For example, tounlock the device 100, and thereby access the stored user data 109, theuser 101 first authenticates themselves with the DSD 100. Authenticationmay be performed by any one of a variety of authentication processeswhich verify the identity of the user 101 as an authorized user toaccess the stored data 109.

In some examples, user authentication may proceed via the use of aninput passcode which is entered into the DSD 100 via the inputcomponents 102. For example, in response to the entry of an inputpasscode by user 101 into keypad 105, corresponding input passcode data(representing the input code) is generated by the components 102 andtransmitted to the access controller 110. The, access controller 110 maycompare the input password to a known unlock password, and authenticatethe user 101 in response to a match between the input arid unlockpasswords. Following authentication of the user 101, the accesscontroller selectively sets the DA state of the data storage device 100to a state requested by the user 101 (e.g., to the unlock state suchthat the user 101 can access the data 109 via host 130).

The DSD 100 includes an enclosure 116 configured to physically house thecomponents of the device 100. The enclosure 116 is formed from a rigid,or semi-rigid, material with particular properties (e.g., electricalresistance and impact strength) suited to protecting the internalcomponents of device 100. For example, the material of the enclosure 116may include a polycarbonate (PC), an acrylonitrile butadiene styrene(ABS), an acrylic, a thermoplastic polyester, a metal, or a combinationof any of these.

The DSD 100 includes at least one data access state indicator 140configured provide the user 101 with an indication of the data accessstate of the DSD 100. The DA state indicator 140 has sub-componentsincluding one or more display components 142 capable of visuallydisplaying the data access state to user 101.

In the described embodiments, the display components 142 include atleast one of: i) a color changing surface; and ii) a bi-stable panel,each forming at least a portion of the enclosure 116 of the device 100.Accordingly, the display components 142 are persistent componentsconfigured to retain a particular visual representation in the absenceof a power source, such as when the device 100 is not receiving powerthrough the data port 106 (e.g., due to a disconnection of the host130). The DA state indicator 140 also includes an indicator controlcircuit configured to interface with the access controller 110 and drivethe display components 142 in response to an indicator control signal,as described herein below.

The DA state indicator 140 receives power from the data path 104, assupplied by the host computer 130. In some embodiments, the DSD 100includes an independent power source electrically connected to, atleast, the DA state indicator 140 and the access controller 110, andconfigured to generate, process, and storage electrical energy to powerthe indicator 140 and controller 110 components. The independent powersource may be an ambient power source 118 configured to generate powerfrom an environment around the DSD 100, and to thereby enable DSD 100 toself-sufficiently power the DA state indicator 140 (i.e., to providepower to the indicator without reliance on a connection with the host130).

In the described examples. the ambient power source 118 is implementedas: 1) a solar based source configured to generate electrical energyfrom solar radiation incident on the device 100; or 2) a radio-frequency(RF) based source configured to generate electrical energy from RFwaves. The ambient power source 118 may also include an internal batteryconfigured to store generated charge for supplying to the accesscontroller 110 or DA state indicator 140, as described herein below.

FIG. 1 b illustrates an exemplary embodiment of the access controller110 which includes: a processor 111; a clock 112 in communication withthe processor 111; memory modules in the form of a system memory 114,and a firmware 115, configured to exchange data with the processor 111and a power source 113 configured to power, at least, the processor 111and the clock 112. In some examples, the power source 113 is an internalbattery configured to supply power exclusively to components of theaccess controller 110. In some examples, the power source 113 acceptsinput power from the data port 106 and/or the ambient source 118(discussed herein below) via the power flows 123 and 125 respectively.In such examples, the power source 113 may be a rechargeable batteryconfigured to be charged by flows 123 and 125, or a conversion orpass-through module enabling the access controller 110 to be powered byflows 123 and/or 125.

The processor 111 is configured to execute program code stored withinthe system memory 114 to issue commands for controlling the operation ofthe DSD 100. The function of the processor 111 includes, but is notlimited to, generating: the enable signal, and a corresponding disablesignal, to control data transmission through data path 104; cryptographyengine control signals to direct the encryption or decryption of theuser content data 109 by cryptography engine 107; and indicator controlsignals to control the operation of at least one data access stateindicator 140 (DA state indicator) of the device 100, as describedherein below.

Processor 111 is configured to receive input data from data path 104 andinput components 102 via flows 119 and 117 respectively. For example,processor 111 receives data representing an input passcode entered intothe DSD 100, as generated by the input components 102, and generatesenable and/or cryptography engine signals in response to the inputpasscode matching to the unlock passcode maintained by the accesscontroller 110. Processor 111 generates and transmits user interface(UI) control signals to the input components 102 to manage one or moreUI elements of the components (e.g., LEDs associated with the keypad andbuttons). Processor 111 receives a clocking signal from clock 112, whichis processed to produce timestamp values representing instants inreal-time that are used by the access controller 110 (e.g., by the userauthentication process).

The system memory 114 stores device specific data, including at least aunique identifier of the DSD 100, referred to as the device identity key(IDK), and an indication of the DA state of the DSD 100. For example,the DA state may be represented by a binary data access variable havingvalues ‘0’ or ‘1’ representing the “unlocked” and “locked” states of thedevice 100 respectively. The cryptographic state of the DSD 100 may besimilarly represented by a data cryptography variable (i.e., ‘0’indicating plain data, and ‘1’ indicating encrypted data).

In examples where a user authentication process is performed to changethe data access state of the DSD 100, the system memory 114 isconfigured to store authentication data of the device 100. Theauthentication data includes unlock passcode data representing theunlock passcode for unlocking the DSD 100, and any other data requiredby the device 100 to perform user authentication.

In some embodiments, the system memory 114 also includes: a firmware 115a; and one or more drivers 115 b for implementing the DA stateindication functionality described herein. The firmware 115 a anddrivers 115 b may be stored in a separately partitioned area of systemmemory 114, or in one or more dedicated hardware modules, such ascaches, registers, or a combination of these.

The processor 111 is configured to execute the firmware 115 a anddrivers 115 b to control the data access state of the device 100, andthe DA state indicator 140 such as to indicate the data access state tothe user 101. Firmware 115 a has associated indicator control data 115 crepresenting one or more parameters of the display components 142 forindicating the data access state according to the type or form of DAstate indicator 140. For example, the indicator control data of a DAstate indicator 140 including an electrochromic material may specifycolor data representing a plurality of colors which may be assumed bythe color changing surface (i.e., the display component 142) of thematerial. In another example, the indicator control data 115 c mayspecify label data representing labels that may be rendered on thebi-stable display panel of a DA state indicator 140.

In some examples, the firmware 115 a includes a mapping of the dataaccess state (e.g., unlocked or locked) of the device to particularparameter values associated with the display components, as describedherein below. Driver 115 b defines a set of functions that areexecutable by the processor 111 in order to generate indicator controlsignals, in response to input indicator control parameters, for controlof the DA state indicator 140. In some embodiments, the driver 115 band/or the control data 115 c are part of the firmware 115 a.

The processor 111 is configured to execute the firmware 115 a and thedriver 115 b to generate the indicator control signal in order to causethe DA state indicator 140 to indicate the data access state.Specifically, processor 111 transmits the indicator control signal, asgenerated by the driver 115 b, to the indicator control circuit 141 ofthe indicator 140. The indicator control circuit 141 is indicatorspecific, and is configured to interpret the signal generated by thecorresponding indicator specific driver 115 b to drive the displaycomponents 142 to visually represent the data access state. For example,the indicator control circuit 141 of a DA state indicator 140 includingan electrochromic material may include a color surface interface forapplying commands of the indicator control signal (as generated by acolor driver 115 b) to the color changing surface 142.

Persistent Visual Indicators

FIGS. 2 a, 2 b, 2 c , and 3 illustrate embodiments of particular displaycomponents 142 that provide a persistent visual indication of the dataaccess state of DSD 100. In the illustrated embodiments, DSD 100 is anexternal storage drive in the form of a direct access storage (DAS)device configured to be removably connected to, and easily disconnectedfrom, the host system 130 in an ad-hoc manner. The data port 106 isconfigured to accept a USB connector for connecting DSD 100 to the hostcomputer 130. The enclosure 116 houses a storage drive 108 in the formof an SSD for storing data 109. DSD 100 is configured to obtain powerthrough the USB connector in response to a connection to the host system130 via data port 106. Input components 102 include button set 103including at least buttons to control the data access state of thedevice 100 (e.g., “Unlock” and “Lock” buttons for actuation by the user101).

In one embodiment, as shown in FIGS. 2 a-2 c , the display components142 include a color changing surface 142 a incorporated within a portionof enclosure 116, where the surface 142 a retains a selected colorwithout power. Surface 142 a is formed from at least one electrochromicmaterial (chromophore), having optical properties (e.g., opticaltransmission, absorption, reflectance and/or emittance) that arecontrollable in a continual but reversible manner on application of avoltage to the material. The color change is persistent, and energy isonly needed to cause a color change but not to retain the color.

Electrochromic materials can include metal oxides such as tungstenoxide, molybdenum, titanium and niobium oxides. Some organic compounds,such as viologens, and some conducting polymers, such as polypyrrole,PEOOT polymer, and polyaniline, can also display electrochromicproperties. Other types of synthetic materials can also be engineered toincorporate electrochromism. There are many uses for materials withelectrochromic properties. For example, in the automobile industry,electrochromic glass is used to automatically tint rear-view mirrors invarious lighting conditions. In another example, electrochromic windowscan block ultraviolet, visible or (near) infrared light. By blockinginfrared light, the energy efficiency of an a structure or enclosure canbe increased by reducing heat buildup in the enclosure.

Typically, one or more layers of electrochromic material are combinedwith other components, such as a voltage application circuit, into anelectrochromic device (ED) to achieve the controlled optical propertiesdescribed above. For example, an ED may consist of two electrochromic(EC) layers separated by an electrolytic layer. Conducting electrodes oneither side of both EC layers are used to provide an external voltageand cause a color change. Some electrochromic devices can be categorizedinto two types: a laminated device which uses a liquid gel, and a solidelectrolyte device which uses solid inorganic or organic material.

With reference to FIG. 2 a , the surface 142 a may be organized as asingle electrochromic layer, as multiple continuous layers, or asseparate layers in combination with other components (e.g.,electrolytics) to form part of an ED. For ease of reference, thedisclosure refers to electronic materials of the surface 142 a whichincludes one or more electrochromic materials organized in any of theaforementioned configurations. For example, the indicator controlcircuit 141 may include components configured to apply a voltage to theelectronic materials of surface 142 a, such that the circuit 141 and thesurface 142 a collectively form an ED.

For example, in one embodiment, an ED may include five superimposedlayers on one substrate or positioned between two substrates in alaminated configuration. The two outer layers are transparentconductors, with the two middle layers being an EC layer and anion-storage layer for conducting ions and electrons. The central layeris an electrolyte for separating the two middle layers. Opticalabsorption occurs when electrons move into the two middle layers fromthe transparent conductors along with charge balancing ions enteringfrom the electrolyte in the central layer. Other electrochromic devicesin alternative embodiments may use more or less layers.

The optical properties of surface 142 a are variable in response to theapplication of a voltage to the electronic materials. The constituentelectrochromic material(s), and therefore surface 142 a, is configuredto change color in response to a voltage applied to the materials) suchas to indicate the data access state of the data storage device 100.This enables surface 142 a to maintain a color corresponding to aparticular data access state of the DSD 100 without the supply of powerto the device 100. For example, following a transition of the device 100to the locked state, the electrochromic material may indicate the lockedstate without a voltage being applied to the material.

The change in color of surface 142 a may be achieved by the controlledvariation of one or more optical properties of the electronic materials.For example, FIGS. 2 b and 2 c illustrate a side cross section ofsurface 142 a, as incorporated within enclosure 116, using anelectrochromic material 142 b that changes transparency. The surface 142a may be a top side of the DSD 100 as depicted in FIG. 2 a . Underneaththe electrochromic material 142 b is a colored layer 142 c. Both thecolored layer 142 c and the electrochromic material 142 b, in an opaquestate, have associated a particular default color (e.g., red, blue,green, yellow, etc.) corresponding to a particular access color, asdescribed below. FIG. 2 b shows the electrochromic material 142 b in atransparent state, such that the colored layer 142 c is visible as thecolor of the color changing surface 142 a. FIG. 2 c shows theelectrochromic material 142 b in the opaque state, preventing thecolored layer 142 c from being visible. In this state, the colorchanging surface 142 a assumes the color of the electrochromic material142 b.

While the above disclosure refers to the use of an electrochromicmaterial within a single layer, other embodiments may implement multipleelectrochromic layers to achieve the color changing functionality ofsurface 142 a. Alternatively, or in addition, the electrochromicmaterial 142 b may not necessarily be a singular material and maycontain other materials forming a material layer capable of controlledtransparency. For example, the electrochromic material 142 b may be anelectrochromic device comprising of several layers that together providethe described color changing capability.

As shown in FIGS. 2 a-2 c , color changing surface 142 a is formed as anintegral portion of the enclosure 116. The dimensions of the surface 142a may vary according to embodiments of the DSD 100. For example, thesize of the surface 142 a may be limited to a sub-region of a surface ofthe enclosure 116 as depicted in FIG. 2 a . In other embodiments, theenclosure 116 may be wholly or mostly made of the color changing surface142 a. The remaining parts of the enclosure 116 are formed from anormal, non color changing material, such as ordinary polymer, plastic,and/or metal materials. For example, a small device, such as a flashdrive, may use a color changing surface 142 a for the entire enclosure116, except for the USB connector, which requires a conductive materialsuch as a metal. In this case, the entire device 100 excluding theconnector will change color to indicate the data access state of thedevice 100.

The non color changing materials are typically of a lower cost thanelectronic materials, and so the overall costs of the enclosure 116 maybe reduced by only having a portion of the enclosure 116 include thecolor changing surface 142 a. In some embodiments, surface 142 a be mayformed as a strip, or patch, applied to a portion, or to the entirety,of the enclosure 116.

In another embodiment, as shown in FIG. 3 a , the display components 142include a bi-stable display panel 142 d incorporated within, or affixedto, a portion of enclosure 116. The bi-stable display panel 142 d isconfigured to display a selected label 142 electronically on a substrateof the panel 142 d in response to a voltage applied to one or moreregions of the substrate.

In some embodiments, display panel 142 d is an electrophoretic displayincluding a microencapsulated electrophoretic medium configured torender label 142 e by forcing a migration of the encapsulated particlesat each of the regions of the substrate such that the panel 142 dretains label 142 e without power. In such embodiments, display panel142 d may be implemented using an E ink (e.g., Spectra or Kaleido), or asimilar technology. That is, in response to the application of a voltageto the substrate, the label 142 e is selectively imprinted onto panel142 d, which acts as a persistent visual indicator (i.e., an electronicpaper) capable of retaining the imprinted label 142 e without power.

Electrophoretic displays function by causing the controlled migration ofmicroencapsulated particles at specific regions on a substrate inresponse to an applied voltage. In one embodiment, the substrateincludes multiple layers, including a transparent upper electrode layer,a liquid polymer layer containing the microencapsulated particles, and alower electrode layer. The microencapsulated particles are titaniumdioxide particles approximately one micrometer in diameter dispersed ina hydrocarbon oil within the polymer layer. A dark-colored dye is addedto the oil, along with surfactants and charging agents that cause theparticles to take on an electric charge. This mixture is placed betweentwo parallel, conductive plates (i.e., forming the upper and lowerelectrode layers) separated by a gap of 10 to 100 micrometres.

A voltage is applied across the two plates, to cause the particles tomigrate electrophoretically to the plate that bears the opposite chargefrom that on the particles. The migration of the particles to the front(viewing) side of the panel 142 d, causes the panel to appear white atthe corresponding region (i.e., since the light is scattered back to theviewer by the titania particles), The migration of the particles to therear side of the display 142 d causes it to appear dark (i.e., since theincident light is absorbed by the colored dye). Accordingly, dividingthe substrate into a number of small picture elements (i.e., pixels)enables the creation of a pattern of reflecting and absorbing regions,and therefore the formation of images (such as label 142 e), in responseto the application of the appropriate voltage at each pixel location.FIG. 3 b shows an implementation of an electrophoretic display includingtwo microcapsules controlling two respective pixel regions. Each capsulecontains an oily solution containing a black dye (the electronic ink),with numerous white titanium dioxide particles suspended within. Theparticles are slightly negatively charged, and each one is naturallywhite. A positive charge to the surface electrode attracts the particlesto the top of local capsules, causing the surface of display 142 d toappear white when viewed from direction A (i.e., pixel 1). Reversing thevoltage repels the particles to the bottom of local capsules resultingin the black dye moving to the surface of 142 d and turning the pixelblack (i.e., pixel 2).

With reference to FIG. 3 a , label 142 e includes text that is selectedto indicate the data access state of the data storage device 100. In thedescribed embodiments, the text of label 142 e is set to “Locked”(depicted) or “Unlocked”, as imprinted on panel 142 d, to indicate thecorresponding data access states of the DSD 100. In other embodiments,label 142 e may be set to a selected icon or image, or to a ‘blank’ ornull label in which all pixel regions are set uniformly to black orwhite, according to the data access state of the device 100. Forexample, label 142 e may be set to a padlock icon in response to thedata access state changing to the locked state. The label 142 e may beset to a null label in response to the data access state changing to theunlocked state, such that the padlock icon is no longer rendered on thepanel 142 d.

In another example, label 142 e may be a text label with a staticsub-part that remains constant and a variable sub-part which is alteredin accordance with the data access state. For example, where the label142 e is selected as “LOCKED” or “UNLOCKED”, the panel 142 d mayfunction such that the “LOCKED” portion remains displayed and the “UN”prefix is visible or hidden (i.e., depending on the data access state).In this case, the display 142 d may indicate the data access state withimproved power efficiency and/or complexity (i.e., since the number ofregions on the substrate to which voltages must be applied in responseto a change in data access state is reduced).

FIG. 3 c shows another embodiment in which the data state indicator 140includes a panel 142 f configured to include an underlying layer 142 gin combination with a display surface 142 h having a varying opticaltransparency according to the data access state. Specifically,underlying layer 142 g includes a static label 142 i that is a specifiedfixed icon, text, or image label, applied on to, or integrally formedwith, the underlying layer 142 g of the panel 142 f. Panel 142 fincludes an upper layer 142 h configured as the display surface, whichmay be implemented, for example, as an electrochromic material, abistable display, or a liquid crystal display (LCD). The display surface142 h acts as an optical shutter that is either opaque, thereby blockingfrom view the static label 142 i rendered on the underlying surface 142g, or transparent, thereby enabling the label 142 i to be seen by a user101.

In one example (not shown), the underlying layer 142 g is the enclosure116 and label 142 i is formed by applying an ink to the outer surface ofenclosure 116 in a region beneath the display surface 142 h of panel 142f. Alternatively, the underlying layer 142 g may include a translucentplastic material containing the label 142 i that is affixed onto, orincorporated within, the enclosure 116. The underlying layer 142 g mayalso include a backlit LED to illuminate the label 142 i therebyenhancing its visibility in low light conditions. In these embodiments,the panel 142 f has multiple functional states, including for example: a“closed” state in which the optical shutter display surface 142 h isopaque, an “open” state in which the optical shutter surface 142 h istransparent with the LED off; and an “open and backlit” state in whichthe optical shutter surface 142 h is transparent with the LED on. Thistakes advantage of the low power requirements of the bistable,electrochromic, or LCD display surface and of the LED lighting source(which can he active when the drive receives external power and certainaccess criteria are met).

Indicating the Data Access State

FIG. 4 illustrates a method 400 for indicating a data access state ofthe DSD 100 according to the described embodiments. The steps of theprocess 400 are implemented at least in part by the DSD 100 or itscomponents, such as the access controller 110. At step 402, thecontroller 110 receives a lock/unlock event representing an action thattriggers a change in the data access state of the DSD 100. Thelock/unlock events are generated, at least, in response to any of thefollowing:

(1) the selection of a locking or unlocking function of the device 100by user 101; and

(2) the execution of one or more internal functions of the accesscontroller 110.

With reference to (1), lock and unlock events are generated in responseto the user 101 selecting a locking or unlocking function of the DSD 100via the input components 102. For example, the button set 103 mayinclude “Lock” and “Unlock” buttons which the user 101 actuates to causethe generation of a corresponding lock or unlock event by the controller110. In some embodiments, actuation of the “Unlock” button, or element,of the input components 102 initiates the unlocking function, wherecompletion of the function (i.e., cause the controller 110 to generatethe unlock event) is subject to the authentication of the user 101 by auser authentication process. For example, in the case of a passwordbased authentication process, the controller 110 generates the unlockevent in response to an input password of the user 101 (e.g., a personalidentification number (PIN) code entered into the device 100 via,buttons 103 or keypad 105) matching to an unlock password of the device100.

With reference to (2), in some embodiments the access controller 110 isconfigured to perform one or more internal functions to cause thegeneration of lock or unlock events to automatically set the data accessstate. For example, the controller 110 may perform an activitymonitoring function to track the amount of time that has passed sincethe transmission of data through the data path 104. This is referred toas the device data transmission idle time. If the data transmission idletime exceeds a threshold value (e.g., 60 minutes), as maintained withinmemory 114 of the controller 110, then the controller 110 may generate alock event to automatically lock the DSD 100, such that a correspondingunlock event is required to regain access to the data 109. The unlockevent may involve the entry of a PIN code, and/or the execution of anentire key transmission and unlock process, to grant the user 101 accessthe DSD 100. This is an example of an automated security function of thecontroller 110, which may be implemented to protect the user data 109against any unauthorized access that may otherwise result if, forexample, the device 100 is left unattended for a prolonged period whileconnected with the host computer 130.

At step 404, the controller 110 processes the generated lock or unlockevent to selectively set the data access state of the DSD 100. Theprocessor 111 sets the data access state by changing the value of thebinary DA state variable in memory 114 to a value of ‘0’ or ‘1’ in thecase of a transition to the “unlocked” and “locked” states respectively.That is, in response to an unlock event, the controller 110 sets the DAstate to the unlocked state to enable access to the user data 109 viathe data port 106. Alternatively, in response to a lock event, thecontroller 110 sets the DA state to the locked state to disable accessto the user data 109 via the data port 106. In other embodiments, thecontroller 110 may modify the cryptographic state and/or physical accessstate of the device 100 in response to a lock or unlock event (e.g., todirect the cryptography engine 107 to perform subsequent encryption ordecryption operations with a particular cryptography key).

The controller 110 generates an indicator control signal to cause thedata access state indicator 140 to indicate the DA state of the device100, and transmits the generated indicator control signal to theindicator 140, at steps 406 and 408 respectively. The controller 110 isconfigured to generate the indicator control signal according to type ofDA state indicator 140 implemented by the device 100, including thedisplay components 142 and indicator control circuitry 141.

FIG. 5 illustrates a process 500 to generate the indicator controlsignal in the case that indicator 140 includes persistent displaycomponents 142 in the form of a color changing surface (as depicted inFIGS. 2 a-2 c ). At step 502, the controller 110 determines the dataaccess state of the device 100. Processor 111 obtains the DA state byaccessing memory 114 to retrieve the value of the binary DA statevariable. With reference to process 400, the DA state value retrieved bythe processor 111 during step 406 corresponds to the access stateselectively set by the controller 100 in previous step 404 (i.e., inresponse to an lock/unlock event).

At step 504, the controller 110 determines an access color correspondingto the determined data access state. The access color is determinedbased on a mapping of, at least, the unlocked state to a first color andthe locked state to a second color. In the described embodiments, theaccess controller 110 is configured to maintain a mapping of particularcolors to the data access states to determine the access color. Thismapping may be stored in the firmware 115 a or as part of the indicatorcontrol data 115 c. For example, in one mapping the indicator controldata 115 c specifies a CMYK color model representation of each accesscolor (i.e., as access color data) as follows:

Data Access DA state Access color data (DA) state of variable Access(cyan, magenta, DSD 100 value color yellow, black) Unlocked 0 Blue (100,100, 0, 0) Locked 1 Red (0, 99, 100, 0)

In this example, the locked and unlocked states are represented by redand blue colors respectively, and indicator control data 115 c mapsbinary DA state variable values to corresponding integer vectors of CMYKcolors. In other embodiments, the indicator control data 115 c mayinclude access color data representing the values of other opticalproperties of the electronic materials of surface 142 a. In the examplediscussed above, indicator control data 115 c maps transparency valuesof electrochromic material 142 b to the data access state of the device100, such that surface 142 a assumes the appropriate access color inresponse to a change in the transparency of the material 142 b.

At step 506, the controller 110 determines a voltage to apply to theelectrochromic material to change the color of the color changingsurface 142 a to the access color. Processor 111 determines the voltagevalue by retrieving parameters including a subset of the indicatorcontrol data 115 c corresponding to the DA state (e.g., vector (0, 99,100, 0) for the locked state) and a routine of firmware 115 a with theretrieved parameter data. The routine is specific to surface 142 a andreturns one or more voltage values to apply to the electrochromicmaterial of the surface 142 a to affect a change in its color to theaccess color.

The processor 111 is configured to generate the indicator control signalby invoking driver 115 b with the determined voltage values, and otherdata relevant to the control of the optical properties of surface 142 aas stored in firmware 115 a. Driver 115 b is specific to the colorchanging surface 142 a and generates an appropriate indicator controlsignal to direct the function of the control circuit 141, and therebycontrol the color changing surface 142 a.

Returning to FIG. 4 , at step 408 the controller 110 transmits theindicator control signal to the control circuit 141 of DA stateindicator 140. The indicator control circuit 141 includes one or moreelectronic components that are configured to process the receivedindicator control signal to: apply the determined voltage to theelectrochromic material to change the color changing surface 142 a tothe access color (e.g., red); and cease application of the voltage tothe electrochromic material after change of the color of the surface 142a to the access color.

In some embodiments, the surface 142 a is part of an electrochromicdevice, and the indicator control circuit 141 includes electrodesconfigured to apply the determined one or more voltages to theelectronic materials according to the specific organization of thesurface 142 a In the example above the control circuit 141 directs theapplication of a voltage to alter the transparency of the material 142b. Specifically, in response to material 142 b becoming transparent, asshown in FIG. 2 b , colored layer 142 c below the electrochromicmaterial 142 b is revealed, causing the surface 142 a to assume thecolor of the colored layer 142 c (i.e., as the access color).

In response to material 142 b becoming opaque, the colored layer 142 cis covered and the color of material 142 b is assumed as the accesscolor. For example, the colored layer 142 c may be red and theelectrochromic material 142 b becomes transparent to transform the colorchanging surface 142 a to red (i.e., to indicate a locked device) bypermitting the colored layer 142 c to be seen.

The color changing surface 142 a may remain a default color of theelectrochromic material 142 h. The default color may be set to the firstcolor corresponding to the unlocked state, such that a transition to thesecond color corresponding to the locked state occurs in response to thematerial 142 b being made transparent by the control circuit 141. Insome embodiments, the default color of the material 142 b may match thecolor of the enclosure 116.

Accordingly, by executing steps 504 and 506 the controller 110 performsa controlled variation of the color of surface 142 a to the accesscolor, such that the surface 142 a indicates the DA state of the device100, and where the surface 142 a retains the access color aftercessation of the application of the voltage (i.e., irrespective ofwhether the indicator is powered after the visual transition occurs).

FIG. 6 illustrates a process 600 to generate the indicator controlsignal in the case that indicator 140 includes persistent displaycomponents 142 in the form of a bi-stable display panel (as depicted inFIG. 3 a ). At step 602, the controller 110 determines the data accessstate of the device 100. As described above for step 502, processor 111obtains the DA state by retrieving the value of the binary DA statevariable from memory 114.

At step 604, the controller 110 determines an access label correspondingto the determined data access state. The access label is determinedbased on a mapping of, at least, the unlocked state to a first label(i.e., the static text label “Unlocked”) and the locked state to asecond label (i.e., the static text label “Locked”). In the describedembodiments, indicator control data 115 c includes, for each voltagecontrollable region of the substrate (i.e., each pixel), a 2-dimensionalco-ordinate vector (x,y) indicating the relative position of the pixelon the substrate. The access controller 110 is configured to maintain,for each data access state label, a mapping indicating whetherparticular pixel locations on the substrate are “light” or “dark” (e.g.,as binary ‘0’ or ‘1’ values) in order to imprint the label on thesubstrate. The indicator control data 115 c stores the mappings as amatrix structure for the locked label M_(locked) and for the unlockedlabel M_(unlocked.)

A linking map is stored in firmware 115 a to link the data access stateof the device 100 to the corresponding matrix structures (i.e., theaccess label data) of the indicator control data 115 c, for example as:

Data Access DA state (DA) state of variable DSD 100 value Access labelAccess label data Unlocked 0 “UNLOCKED” M_(unlocked) Locked 1 “LOCKED”M_(locked)

At step 606, the controller 110 determines a set of voltages to apply tothe pixel regions of the display panel 142 d to change the label 142 eto the access label. Processor 111 determines the voltage values byretrieving access label data from the indicator control data 115 ccorresponding to the DA state and executing a routine of firmware 115 awith the retrieved parameter data as input. The routine is specific todisplay panel 142 d and outputs a set of voltage values to apply to therespective pixel regions of the substrate of panel 142 d in order tochange the imprinted label to the access label.

The processor 111 is configured to generate the indicator control signalby invoking driver 115 b with the determined voltage value set, andother data relevant to the control of the optical properties of panel142 d as stored in firmware 115 a. As described above, driver 115 b isspecific to the display components 142 (i.e., panel 142 d) and generatesan appropriate indicator control signal to direct the function of thecontrol circuit 141, and thereby control the substrate of panel 142 d.

The controller 110 transmits the indicator control signal to the controlcircuit 141 of DA state indicator 140. The indicator control circuit 141includes one or more electronic components that are configured toprocess the received indicator control signal to: apply the determinedset of voltages to the regions of the substrate of the display panel 142d to change the label 142 e of the display panel 142 d to the accesslabel: and cease application of the set of voltages after change of theelectronic label 142 e on the display panel 142 d.

In other embodiments, the data access state indicator 140 includes adisplay panel 142 f with an underlying layer 142 g having a static label142 i, and a display surface layer 142 h covering the underlying layer142 g. The optical transparency of the display surface layer 142 h isvariable in response to an applied voltage, such that the surfacefunctions as a shutter to reveal or hide at least a portion of thestatic label 142 i. The controller 110 determines the static accesslabel 142 i from label data stored in the memory 114. The transparencyvalues of the display surface 142 h are determined by transparency valuemapping data of the indicator control data 115 c, including anindication of the transparency of the display surface 142 h for eachdata access state. For example, the transparency value map may include,for each of the unlocked and locked data access states: integer valuesbetween 0 and 100 representing a desired degree of transparency of thedisplay surface 142 h (i.e. with 0 being fully opaque and 100 beingfully transparent), and corresponding voltages required to achieve thetransparency.

The controller 110 determines a voltage to apply to the panel 142 f tochange the visibility of the label 142 i in response to a change in thedata access state of the data storage device 100. That is, by theapplication the voltage to the display surface 142 h of panel 142 f thetransparency of the surface is altered, resulting in a correspondingvariation in the visibility of some, or all, of static label 142 i tothe user 101.

The voltage is determined by the processor 111 based on the indicatorcontrol data 115 c corresponding to the DA state, and by executing aroutine of firmware 115 a. The processor 111 is configured to generatethe indicator control signal by invoking driver 115 b with thedetermined voltage value, similarly to the processes described above. Incontrast to the embodiments where the distinct access labels 142 e areselected and rendered by the panel 142 d, the use of a specified fixedlabel 142 i that is revealed or hidden, by an overlying display surface142 h, in response to a change in the data access state does not involvethe application of voltages at the pixel-specific level. Instead, thevoltage values may be adjusted at the display surface layer level, suchas to affect the transparency of the layer and thereby control thevisibility of the underlying static label 142 i to the user 101 (i.e.,rather than manipulating the voltages to control the display a largenumber of individual pixel regions). This may provide advantagesincluding a reduced cost and a reduced complexity of implementation.

The function of the indicator control circuit 141 varies according tothe type of electrophoretic display panel 142 d implemented by theindicator 140. In the multi-layered implementation of the substratedescribed above, the application of individual voltages (as specified bythe determined voltage set) is performed using MOSFET-based thin-filmtransistor (TFT) technology. Specifically, a TFT is allocated to eachpixel or lined region on the substrate and the application such that, inresponse to the collective application of the determined voltages, ahigh-density image is formed on the substrate to visually render theaccess label.

The embodiments of the DSD 100 illustrated in FIGS. 2 a-2 c and 3,depict a DSD 100 with a single DA state indicator 140 being either oneof a color changing surface 142 a or a bi-stable display panel 142 d. inother embodiments, the DSD 100 may be implemented with multiple stateindicators 140, such as for example at least one color changing surface142 a and a bi-stable display panel 142 d. The display panel 142 d maybe formed on top of, or integrally with, a portion of the color changingsurface 142 a to improve the ease with which the user 101 may obtaindata access state information of the device 100.

The combined use of both a color changing surface 142 a and a bi-stabledisplay panel 142 d provides the advantage of more clearly indicatingthe data access state of the device 100 to a user 101 (i.e., bypresenting two different visual representations of the data access stateinformation). For example, a color blind user 101 may not be able toeasily ascertain the data access state from observing the surface 142 aalone. However, by observing the static textual label 142 e imprinted onthe bi-stable display panel 142 d the user 101 may still be able todetermine the data access state irrespective of the color of surface 142a.

Ambient Power Sources

With reference to FIG. 1 a , the DSD 100 includes an independent powersource (i.e., a source that is not associated with another device) inthe form of the ambient power source 118. In the described examples, theambient source 118 is connected to the DA state indicator 140, andthereby provides the indicator 140 with an alternative source of powerto the data port 106. In some embodiments, the power source 118 alsosupplies power to the access controller 110 by power flow 125.

FIG. 7 a illustrates an embodiment in which the ambient power source 118is a solar based source configured to generate electrical energy fromsolar radiation incident on the DSD 100. The ambient source 118includes: one or more solar cells 701-70N, a converter module 712; and apower storage module 714. Solar cells 701-70N are formed on, orintegrally within, an outer surface of the enclosure 116 such as to beexposed to solar radiation within an environment of the DSD 100. In oneexample, the cells 701-70N are organized within a miniature solar panel,where the panel itself is embedded into, or affixed to, the enclosure116. Alternatively, the cells 701-70N may be incorporated into aflexible and semi-transparent thin-film coating that is printed onto theouter surface of enclosure116 (i.e., as a ‘solar ink’).

For example, in one embodiment each cell 701 , . . . , 70N is aperovskite solar cell including: a perovskite absorber layer acting asthe light-harvesting active layer composed of mesoporous TiO2 coatedwith a perovskite absorber; and n-type and p-type material layers forelectron and hole extraction respectively, where the n-type and p-typematerial layers are contacted with the active layer to promote theextraction of photogenerated electrons. Perovskite cells 701, . . , 70Nimplemented as single junction cells, as described above, operate atapproximately 25 percent power conversion efficiency (PCE) rating.However, a maximum efficiency of approximately 29% is possible byimplementing the cells as silicon-based tandem cells.

The converter 712 is electrically connected to each cell 701, . . . ,70N, and is configured to receive electrical charge generated by thecells 701, . . . , 70N. The converter 712 accumulates the chargegenerated by each individual cell 701-70N and outputs an electricalcurrent to the power storage module 714. Power storage module 714 isimplemented as a type of internal battery in the described device 100,configured to receive as input the generated energy output by theconverter 712, and to supply power to the data access state indicator140 (i.e., via power flow 121), including the indicator control circuit141 and display components 142. Converter 712 may be implemented as anultralow-power circuit configured to regulate the voltages of powerprovided by the solar cells and the power storage module 714 (e.g., inorder to extend the functional life of the module). Some implementationsof the source 118 may not include the converter 712 such that storage714 receives charge directly from solar cells 701-70N.

FIG. 7 b illustrates an embodiment in which the ambient power source 118is a radio-frequency (RF) energy harvester configured to generateelectrical energy from RF waves in the environment of the DSD 100. Powerharvesting or energy harvesting is a technique to collect energy fromthe external environment using different methods includingthermoelectric conversion, vibrational excitation, solar energyconversion, pressure gradients, and RF signals. RF wireless energyharvesting generates energy from electromagnetic waves by capturing andconverting electromagnetic energy into a usable continuous DC voltagesignal.

In the described example, RF harvesting power source 118 includes: anantenna 751 an impedance matching network 752; a rectifier/voltagemultiplier 753; and a power storage component 754. The RF harvestingpower source 118 is configured to continuously control and harness theRF energy in the environment of the DSD 100 as emitted by an RF source(e.g., as satellite stations, wireless internet, radio stations, anddigital multimedia broadcasts). The RF source (not shown) is typicallyconnected to a transmitting antenna that emits radio waves. Antenna 751is configured as a receiving antenna to capture some of the emittedwaves enabling conversion into an electrical signal. In this disclosure,the term “antenna” refers to any RF capturing element implemented withinsource 118, including, but not limited to, a single element antenna, anantenna array, or an inductive coil.

As shown in FIG. 7 b , antenna 751 is implemented as a flat planar coilmounted behind a thin protective layer that does not attenuate RFenergy. For example, the antenna 751 may be formed using a multi-coilassembly, with the coil diameter set to the maximum length permitted bythe enclosure 116 (i.e., in order to maximize the wavelength). A coilassembly designed for close-proximity wireless charging may be used insome embodiments, such as where the coil is adapted to extract RF energyfrom different bands if coupled to a low-loss tuning circuit. Antenna751 may be formed integrally within the material of the enclosure 116 toprovide protection against physical wear or damage. In otherembodiments, the antenna 751 may be affixed to an outer surface of theenclosure 116 and housed within a separate enclosure (e.g., as apre-fabricated multi-coil assembly).

The power received by antenna 751 is determined by the distance betweenthe RF source and the RF receiver (i.e., the DSD 100). the sensitivityof the receiver antenna, the characteristics of the receiving antenna,and the frequency of the RF signal. Assuming an unobstructed space and asource of isotropic transmission, the diffusion of waves in alldirections is uniform. Therefore, the power per unit area at a distancefrom the source is inversely proportional to the square of the distancebetween the antennas. However, the transmitting antenna does not alwaystransmit energy in a spherical wax (isotropic antenna) but may transmitenergy in some specific directions according to their design. Thecapacity and inductance of an antenna are functions of its frequency andphysical size. The larger the antenna size, the lower the resonancefrequency. Therefore, the there exists a trade-off between facilitatingthe reception of low-frequency waves (which requires a large aperture),and the design of a physically compact antenna 751 that is suitable forincorporation within the enclosure 116. The bandwidth of an antenna isthe frequency range in which the antenna can work efficiently.Narrow-band antennas offer good conversion efficiency but can onlyrecover a limited amount of energy.

In general, power transmission and reception in free space is regulatedby:

$P_{r} = {\frac{P_{T}G_{t}G_{r}}{( {4\pi R} )^{2}}\lambda^{2}}$

where P_(r) and P_(T) are the power in reception and transmission, G_(r)and G_(t) are the gains of the two antennas, λ the wavelength of the RFemission, and R the distance between the two antennas.

As shown in FIG. 7 b , an impedance matching circuit 752 is appliedbetween the antenna 751 and the rectifier 753. Since the RF energyextracted from the free space usually has a low power density, theimpedance matching network (IMN) 572 is used to maximize the powertransfer between the RF source and the load (i.e., to assist inproducing enough DC energy from the electromagnetic waves to supply theloads).

The signal generated by the IMN 752 is rectified by the rectifier 753 tomeet the application power requirements of the device 100. That is, therectifier 753 functions as a voltage multiplier circuit that convertsand amplifies the AC input (i.e., as produced by the IMN 752) to the DCoutput. DC output signal is supplied to power storage module 754,implemented as an internal battery, as described above. In someembodiments, the RF harvesting source 118 may omit the internal battery754 and supply power output from the voltage multiplier 753 directly tothe data state indicator 150 and access controller 110 components.

The performance of the RF harvesting source 118 to power at least theindicator 140 of device 100 may be represented by the efficiency ofconversion of RF energy into DC (PCE) by the source (i.e., the ratiobetween the amount of power output from rectifier 753 and that recoveredby the antenna 751). In some embodiments, the aforementioned componentsof the RF harvesting source 118 may be implemented according to a customfabrication and configuration process especially designed for aparticular device 100. In other embodiments, the RF harvesting source118 can be implemented as a pre-fabricated electronic circuit, such asfor example, the Nano-Power band LTC3588-1 circuit by Analog, whichprovides a selectable output voltage from 1.8 V up to 3.6 V and outputcurrent up to 100 mA.

The selection and/or configuration of a pre-fabricated RF harvestingcircuit can impact upon the power generation properties of the source118 in particular environments of the DSD 100. For example, some typesof RF harvesting circuits may be configured to function optimally inareas where the RF transmission occurs at 2.4 GHz. As this type ofsignal is primary produced by WiFi transmission, the power generated bythe source 118 may be reduced in environments where such WiFitransmitters are infrequently encountered and/or sparsely located (e.g.,in rural areas).

Referring back to FIG. 1 a , in some embodiments the DSD 100 may receivepower through the data port 106 (i.e., as provided by the host computer130) and also from ambient power source 118 simultaneously. In responseto both the power source 118 and the data port 106 providing an activepower source, the device 100 is configured to preferentially powerparticular device components from a single source. For example, powersupplied to the persistent display 142 of indicator 140 may be obtainedpreferentially from the host computer 130 via the data port 106 over theindependent power source 118. In this case, the power that wouldotherwise be supplied by source 118 is used to charge internal battery714. This is advantageous in that it enables the independent source 118to provide a more consistent power supply when power is no longeravailable from data port 106, and in response to a temporary inabilityof the source 118 to generate new power (i.e., if there is no solarradiation incident on the device 100, or no RF energy to harvest in thevicinity of the device 100).

In response to the ceasing of power supplied through the data port 106,the device 100 is configured obtain power from the ambient power source118 to power the data state indicator 140. In some embodiments, evenwithout the supply of power from the data path 104 the access controller110 receives power from the power source 118 (directly, or indirectlyvia battery 113) to enable the controller 110 to perform particularfunctions.

For example, the access controller 110 may secure access to the usercontent data 109 automatically on the disconnection of power from thehost computer 130. That is, the access controller 110 interprets theloss of power from host 130 as a logical disconnection of the hostdevice 130 from device 100, and generates a lock event to automaticallylock the DSD 100, such that a corresponding unlock event is required toregain access to the data 109 (i.e., when the host 130 is reconnected toport 106).

In response to the generation of the lock event, the controller 110automatically changes the change the data access state from the unlockedstate to the locked state, and generates the indicator control signalsto cause the data state indicator 140 to represent the DA state changeaccording to the methods described above. Since the data state indicator140 obtains power from the independent source 118, the device 100persistently indicates the locked state without power from the hostcomputer 130.

In the embodiments described above, the data access state indicator 140indicates the data access state of the device 100 to a user 101 viapersistent display components 142 that retain particular visualrepresentations in the absence of power from data port 106 (e.g., colorchanging surfaces 142 a and bistable displays 142 d). However, theambient power source 118 enables the device 100 to indicate the dataaccess state using other types of data access state indicator 140. Forexample, in some implementations the data access state indicator 140 mayinclude one or more LEDs, or other active light sources, configured toreceive power from at least the ambient source 118. In response to thesupply of power from the ambient source 118, the LEDs function toprovide a persistent visual indication of the data access state withoutpower from data port 106.

In other embodiments, the data access state indicator 140 may includenon-visual indication components in conjunction with one or more visualindication components. The use of non-visual indication components inthe indicator 140 may be advantageous in improving device usability byconveying an indication of the data access state in cases where the usercannot obtain the data access state information from a visualrepresentation (e.g., for a user that is visually impaired).

Throughout this specification the word “comprise”, or variations such as“comprises” or “comprising”, will be understood to imply the inclusionof a stated element, integer or step, or group of elements, integers orsteps, but not the exclusion of any other element, integer or step, orgroup of elements, integers or steps.

Any discussion of documents, acts, materials, devices, articles or thelike which has been included in the present specification is not to betaken as an admission that any or all of these matters form part of theprior art base or were common general knowledge in the field relevant tothe present disclosure as it existed before the priority date of each ofthe appended claims.

1. A data storage device 100 comprising: a non-volatile storage medium108 configured to store user data 109; a data port 106 configured totransmit data and power between a host computer system 130 and the datastorage device 100; a data access state indicator 140; and a controller110 configured to: selectively set a data access state of the datastorage device 100 to either: an unlocked state to enable access to theuser data 109; or a locked state to disable access to the user data 109;and generate an indicator control signal to cause the data access stateindicator 140 to indicate the data access state, wherein the data accessstate indicator 140 is configured to indicate the data access stateirrespective of whether the data storage device 100 is powered throughthe data port
 106. 2. The data storage device 100 according to claim 1,wherein the data access state indicator 140 includes one or morepersistent display components 142 configured to display a visualrepresentation of the data access state, and to retain the visualrepresentation in the absence of power.
 3. The data storage device 100according to claim 2, wherein the data access state indicator 140includes a color changing surface 142 a having an electrochromicmaterial 142 b configured to change color in response to a voltageapplied to the material to indicate the data access state of the datastorage device
 100. 4. The data storage device 100 according to claim 3,wherein in the locked state, no voltage is applied to the material 142 band wherein the corresponding color of the color changing surface 142 aindicates a locked state.
 5. The data storage device 100 according toclaim 3, wherein the generation of the indicator control signal by thecontroller 110 comprises: determining the data access state of the datastorage device 100; determining an access color corresponding to thedata access state based on a mapping of, at least, the unlocked state toa first color and the locked state to a second color; determining avoltage to apply to the electrochromic material 142 b to change thecolor of the color changing surface 142 a to the access color, whereinthe color changing surface 142 a retains the access color aftercessation of the application of the voltage.
 6. The data storage device100 according to claim 5, further comprising: an indicator controlcircuit 141, and wherein the data storage device 100 is furtherconfigured to: transmit the generated indicator control signal to theindicator control circuit 141 to cause the indicator control circuit 141to: apply the determined voltage to the electrochromic material 142 b tochange the color changing surface 142 a to the access color; and ceaseapplication of the voltage to the electrochromic material 142 b afterchange of the color of the color changing surface 142 a to the accesscolor.
 7. The data storage device 100 according to claim 2, wherein thedata access state indicator 140 is a bi-stable display panel 142 dconfigured to display an electronic label 142 e on a substrate inresponse to a voltage applied to one or more regions of the substrate,where the label 142 e indicates the data access state of the datastorage device
 100. 8. The data storage device 100 according to claim 7,wherein the generation of the indicator control signal by the controller110 comprises: determining the data access state of the data storagedevice 100; determining an access label corresponding to the data accessstate based on a mapping of, at least, the unlocked state to a firstlabel and the locked state to a second label; determining a set ofvoltages to apply to corresponding regions of the substrate of thedisplay panel 142 d to change the label 142 e of the bi-stable displaypanel to the access label, wherein the bi-stable display 142 d retainsthe access label after the panel is unpowered.
 9. The data storagedevice 100 according to claim 8, further comprising: an indicatorcontrol circuit 141, and wherein the controller 110 is furtherconfigured to: transmit the generated indicator control signal to theindicator control circuit 141 to cause the indicator control circuit 141to: apply the determined set of voltages to the regions of the substrateof the display panel 142 d to change the label of the display panel 142d to the access label; and cease application of the set of voltagesafter change of the electronic label 142 e on the display panel 142 d.10. The data storage device 100 according to claim 2, wherein the dataaccess state indicator 140 is a display panel 142 f, including: anunderlying layer 142 g having a specified static label 142 i indicatingthe data access state of the data storage device 100; and a displaysurface layer 142 h covering the underlying layer 142 g, wherein thedisplay surface layer 142 h has an optical transparency that varies inresponse to an applied voltage.
 11. The data storage device 100according to claim 10, wherein the generation of the indicator controlsignal by the controller 110 comprises: determining the data accessstate of the data storage device 100; determining, based on thedetermined data access state, a voltage to apply to the display surfacelayer 142 h to change the transparency of the display surface layer 142h to reveal or hide the static label 142 i of the underlying layer 142g, wherein the static label 142 i of the underlying layer 142 g remainsrevealed or hidden after the panel is unpowered.
 12. The data storagedevice 100 according to claim 2, wherein the persistent display 142 ofthe data storage device 100 is configured to obtain power from at leastone of: the host computer system 130 via the data port 106; and anindependent power source 118 associated with the data storage device100.
 13. The data storage device 100 according to claim 12, wherein thepower supplied to the persistent display 142 is obtained preferentiallyfrom the host computer 130 via the data port 106 over the independentpower source
 118. 14. The data storage device 100 according to claim 12,wherein the independent power source 118 is an ambient power sourceconfigured to generate power from an environment around the data storagedevice
 100. 15. The data storage device 100 according to claim 14,wherein the ambient power source 118 comprises: at least one of: one ormore solar cells coupled to the data storage device 100 and configuredto generate a charge in response to incident solar radiation; and one ormore radio-frequency (RF) harvesting components configured to generate acharge in response to contact of the RF components with electromagneticradiation; and a battery electrically connected to the at least one ofthe one or more solar cells and the one or more RF harvesting componentsto store generated charge.
 16. The data storage device 100 according toclaim 12, wherein, in response to disconnection of power from the hostcomputer 130, the data storage device 100 is further configured to:automatically change the data access state from the unlocked state tothe locked state; and persistently indicate the locked state withoutpower from the host computer
 130. 17. The data storage device 100according to claim 1, wherein the controller 110 is further configuredto generate a physical enable signal to: in response to selectivelysetting the data access state to the unlocked state, enable transmissionof user data 109 between the host computer system 130 and the storagemedium 108 via the data port 106; and in response to selectively settingthe data access state to the locked state, disable transmission of userdata 109 between the host computer system 130 and the storage medium 108via the data port
 106. 18. The data storage device 100 according toclaim 1, further comprising a cryptography engine 107 connected betweenthe data port 106 and the storage medium 108, and wherein the controller110 is further configured to: in response to selectively setting thedata access state to the unlocked state, instruct the cryptographyengine 107 to use a decryption key to perform a decryption function toselectively decrypt encrypted user data 109 stored on the storage medium108.
 19. A method for indicating a data access state of a data storagedevice 100, the method executed by a controller 110 of the device 100and comprising: selectively setting a data access state of the datastorage device 100 as: an unlocked state to enable access to user data109 stored on a non-volatile storage medium 108 of the data storagedevice 100; or a locked state to disable access to the user data 109;and generating an indicator control signal to cause a data stateindicator 140 of the data storage device 100 to indicate the data accessstate, and wherein the data state indicator 140 is configured toindicate the data access state irrespective of whether the data storagedevice 100 is powered through a data port 106 configured to transmitdata and power between a host computer system 130 and the data storagedevice
 100. 20. A data storage device 100 comprising: means for storinguser data 109; means for transmitting data and power between a hostcomputer system 130 and the data storage device 100; means forindicating a data state 140; means for selectively setting a data accessstate of the data storage device 100 as: an unlocked state to enableaccess to user data 109 stored on a non-volatile storage medium 108 ofthe data storage device 100; or a locked state to disable access to theuser data 109; and means for generating an indicator control signal tocause a data state indicator 140 of the data storage device 100 toindicate the data access state, and wherein the data state indicator 140is configured to indicate the data access state irrespective of whetherthe data storage device 100 is powered through a data port 106configured to transmit data and power between a host computer system 130and the data storage device 100.